1993-03-11 - Re: Hiding Encrypted Messages

Header Data

From: covin@cs.uchicago.edu
To: cypherpunks@toad.com
Message Hash: 76380f0df06c3d42c552a151c1d9b11de0f10d6d3dc77a2865af574cf2833df0
Message ID: <9303111921.AA11361@tartarus.uchicago.edu>
Reply To: N/A
UTC Datetime: 1993-03-11 19:22:47 UTC
Raw Date: Thu, 11 Mar 93 11:22:47 PST

Raw message

From: covin@cs.uchicago.edu
Date: Thu, 11 Mar 93 11:22:47 PST
To: cypherpunks@toad.com
Subject: Re: Hiding Encrypted Messages
Message-ID: <9303111921.AA11361@tartarus.uchicago.edu>
MIME-Version: 1.0
Content-Type: text/plain

>Please... I said: "It's as cumbersome, as one-time pad, but
>without one-time pad security."  Yes, it can be made as
>secure as PGP, but it's still less safe, than
>one-time pad.

I thought the point of hiding the message in a sound or picture file
was to *hide* it, not to gain additional encryption.  Any encryption
you want to do on the message is a separate issue.  Hiding the bits is
just supposed to keep anyone from *trying* to decrypt it in the first
place, and/or to allow you to claim if the message is intercepted that
you weren't *really* sending encrypted messages.

I suspect that if someone manages to decrypt the message, you just flat-out
lose on the "plausible deniability" question.  At least, if the message is
fairly long, coherent, grammatical, etc.  It's just too unlikely that a
long coherent message will be hidden in any regular way in an otherwise
random sequence of bits.  A little statistical analysis might allow some
happy government cryptographers to tell you exactly *how* unlikely it is
that they'd find a message in your data by chance...

As another way to muddy the waters, you might try making the original 
plaintext a bit muddled, ungrammatical, semi-incoherent, rife with 
misspellings, etc... :)


